Haavi

Privacy Policy

Last updated: November 26, 2025

The purpose of this privacy policy for the Haavi website (www.haavi.ai) is to clearly inform users how your personal data is collected, used, and protected.

We comply with the requirements of the EU General Data Protection Regulation (GDPR) in processing personal data. This policy applies to all our services, including website use and related activities.

By using our website, you agree that we process your data as described in this policy.

Data controller contact information

The data controller (the party responsible for processing your personal data) is Legit AI Oy, which operates the Haavi website and service.

Email: aku@haavi.ai. Contact person: Aku Nikkola (+358 40 571 2966). You can send all privacy-related inquiries and requests to the above email address.

Processing purposes and legal bases

We process personal data only for predefined purposes and on legal bases permitted by the GDPR.

  • Service provision and user account management: We process your data to provide the service, maintain user accounts, and offer customer support.
  • Communication and information: We use contact information to communicate with you about service-related matters. We request separate consent for marketing messages.
  • Website development and analytics: Technical data and cookie-collected data are used to monitor and improve service usage.
  • Security and abuse prevention: Personal data may be processed to secure the website and user information.
  • Legal obligations: We process personal data to fulfill our statutory obligations.

Personal data retention periods

We retain personal data only as long as necessary to fulfill the described purposes or as required by law.

  • User account data is retained as long as you have an active user account.
  • Customer service and communication data is retained as long as necessary to handle your matter.
  • Analytics and usage data is anonymized or aggregated as soon as possible.
  • Accounting-related data may be retained for up to 6 years in accordance with accounting legislation.
  • You have the right to request deletion of your personal data at any time.

Personal data protection

The security of your personal data is important to us. We use appropriate technical and organizational measures to prevent unauthorized access to data.

Security measures include firewalls, secure server connections, password-protected databases, and encryption methods. Only personnel who need access for their duties can process personal data, and they are bound by confidentiality obligations.

Personal data sharing

We do not sell, rent, or otherwise disclose your personal data to external third parties for marketing purposes. We share personal data with external parties only in the following situations:

  • Service provision: We may use trusted third parties to assist in service delivery (e.g., hosting, analytics, email services).
  • Legal obligations: We may disclose personal data to authorities when required by law.
  • Corporate transactions: If our business is sold or merged, data may be transferred as part of the transaction.
  • If personal data is transferred outside the EU/EEA, we ensure that the transfer has a lawful basis.

Use of cookies

We use cookies and similar tracking technologies on our website to improve the user experience, analyze website usage, and provide a smoother service.

  • Essential cookies: Necessary for website functionality, such as login and security.
  • Functional cookies: Remember your choices and preferences, such as language selection.
  • Analytics cookies: Collect information about website usage for service development.
  • You can manage cookie settings through your browser. Blocking cookies may affect website functionality.

User rights

As a user, you have privacy rights that allow you to influence the processing of your personal data. We provide all GDPR-compliant rights:

  • Right of access: The right to confirm whether we process your personal data and to request a copy of your data.
  • Right to rectification: The right to request correction of inaccurate or incomplete data.
  • Right to erasure: The right to request deletion of your personal data in certain circumstances.
  • Right to restriction: The right to request restriction of processing in certain circumstances.
  • Right to object: The right to object to processing based on your particular personal situation.
  • Right to data portability: The right to receive your data in a structured, machine-readable format.
  • Right to withdraw consent: The right to withdraw your consent at any time.
  • Right to lodge a complaint: The right to file a complaint with the Data Protection Ombudsman's Office.

Privacy policy changes and updates

We may periodically update this privacy policy to reflect changing practices, legislation, or service features.

If we make material changes, we will notify users appropriately. By continuing to use our website after privacy policy updates, you are deemed to have accepted the updated terms.

Contact us

If you have any questions about this privacy policy, Haavi's security, or other Haavi-related matters, please don't hesitate to contact us:

Aku Nikkola, Founder – aku@haavi.ai

Ask Haavi

Chat with Haavi

Leave your details to start chatting with our AI assistant.